MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7
SHA3-384 hash: 37717a3b15ea1eef42e4346175ba6656128833d8a83fdacb21b13c21b48b0612a906d8242677ad1c01b130a031f3cf70
SHA1 hash: b455f535495fbdb03b6b34c331bed5a2cee7171d
MD5 hash: 7aced7e1b8e9908c16a154758b671f78
humanhash: zebra-mississippi-beer-oklahoma
File name:INV20200531RFQ6748.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-02 16:01:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e6a59265a67f17a8bb6e5f161c02ce7d (1 x GuLoader)
ssdeep 1536:POSPfxV40pbpz39kgrKHxLdGKc+o0FDHdZ1gIygE8Xkf9m:PnPXL3lKVdhjFD9zn
Threatray 1'479 similar samples on MalwareBazaar
TLSH DFB38D03ED4D8653D0844BBD2C679E793B0DB90D0D445BDF76B56E9BAD312022CAB21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail1.bm-cheap.site
Sending IP: 62.173.139.179
From: "Jennifer R. Lingad" <jlingad@dorniertechnology.com>
Subject: Re:request for PO
Attachment: INV20200531RFQ6748.gz (contains "INV20200531RFQ6748.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1WAGoGMIRBqecNTPBOW4srU7WAVClT1Wp

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6164/
Detection(s):
Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 16:36:03 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=umyudboey64bgecsggvft67sarnr7jmv7vf7girxaejje2x4estq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e
GuLoader
0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b
GuLoader
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99
GuLoader
7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
8fa47ee760cf1c21de132ec77eef49282a2312f197aba6026ee1de750051014b
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
ed1148a724d239376a2f9564f23ae474c2f862d9d4e2b8706d955db399cf28f7
GuLoader
fb6a49d393c339750c2effe7797cf304d7d9bb8c95fdaa3431af177f7a677ba8
GuLoader
+ 1'469 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x3laccce1j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 12cb2b3094a89495437f27c90a02bc8426b88467f5260eaa3589bb5fca322fd0

GuLoader

Executable exe a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374621/
  
Dropped by
MD5 3f53f8e758060318cce8fc1a26ec0e73
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6164/
  
Dropped by
SHA256 12cb2b3094a89495437f27c90a02bc8426b88467f5260eaa3589bb5fca322fd0

Comments